I am ready to install the certs - I have them at /opt/cert/ - can I use these non-self-signed certs?
@stephenb I am trying to follow your guide but do not know how to use the real certs.
Thanks for any help you can provide
Hi @ricwhitney
Yes you should be able to use the non-self signed.
Its about putting the right cert parts in the right places with the correct elasticsearch yml config.
BTW I am not a certs internal expert ... I know how to generate certs and where to put them, but I probably can not help you a lot if the certs you generated are not valid.
after much trial and error, I have finally got my elasticsearch and kibana working.
Here is the relevant entries in elasticsearch.yml:
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: cert/domain.key
xpack.security.http.ssl.certificate: cert/ca_bundle.pem
xpack.security.http.ssl.certificate_authorities: cert/ca_bundle.pem
xpack.security.transport.ssl.key: cert/domain.key
xpack.security.transport.ssl.certificate: cert/ca_bundle.pem
xpack.security.transport.ssl.certificate_authorities: cert/ca_bundle.pem
and here is the relevant stuff in kibana.yml:
elasticsearch.username: "elastic"
elasticsearch.password: "elastic password"
server.ssl.enabled: true
server.ssl.certificate: /etc/ssl/certs/chained.pem
server.ssl.key: /etc/ssl/certs/domain.key
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.